Attorney Docket No. 030457 

REMARKS 

The Office is thanked for the careful review of the subject application. 

Claims 24-46 are pending in the present application. Claims 24, 28, 32, 36, and 40 are 

independent claims. New dependent claim 46 is added in the foregoing amendment. No new 

subject matter has been introduced. 

The Applicant believes that the present application is now in condition for allowance, 
which prompt and favorable action is respectfully requested. 

Claim Objections 

Claims 24, 28, 32, 36, and 40 are objected to for reciting "a application identifier." By 
the present Amendment, each of claims 24, 28, 32, 36, and 40 now recite "an application 
identifier. Accordingly, Applicant respectfully requests that the Office withdraw this objection. 
Rejections under 35 U.S.C. § 101 

Claims 28-35 are rejected under 35 U.S.C. § 101 for allegedly being directed to non- 
statutory subject matter. The Applicant respectfully traverses this rejection. 

In particular the Office Action states that "[according to Applicant's specification (see 
[0073]) the system comprises software which is not considered to fall within one of the four 
statutory categories of invention." (See Page 2 of the 6/2/2008 Office Action). As an initial 
matter, claims 32-35 are structural apparatus claims, with "means for" features that read upon 
structure from the application that performs the functionality recited therein, pursuant to 35 
U.S.C. § 1 12, 6th paragraph. Accordingly, this rejection is improper as applied to claims 32-35. 

Further, the Office Action's position appears to be that a system comprising software is 
per se non-statutory. However, this is not the correct standard to be applied. MPEP § 2106.1 
sets forth the standard for determining whether a claim is directed to statutory or non-statutory 
computer-related subject matter, and states: 
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Descriptive material can be characterized as either 'functional descriptive 
material' or 'nonfunctional descriptive material' In this context, 'functional 
descriptive material' consists of data structures and computer programs which 
impart functionality when employed as a computer component . .. When 
functional descriptive material is recorded on some computer-readable medium, it 
becomes structurally and functionally interrelated to the medium and will be 
statutory in most cases since use of technology permits the function of the 
descriptive material to be realized. 

Computer programs are often recited as part of a claim. USPTO personnel should 
determine whether the computer program is being claimed as part of an otherwise 
statutory manufacture or machine . In such a case, the claim remains statutory 
irrespective of the fact that a computer program is included in the claim . .. Only 
when the claimed invention taken as a whole is directed to a mere program listing, 
i.e., to only its description or expression, is it descriptive material per se and 
hence nonstatutory. {Emphasis added; see MPEP § 2106.1) 



With regard to claims 28-31, an apparatus is being claimed, which comprises logic that 
when executed by the apparatus performs the functionality recited therein. Claim 28, for 
example, taken as a whole cannot be said to be directed to a "mere program." For example, the 
"transmitting logic that operates to transmit the server credential to the data server" must 
necessarily operate with structure that is at least indirectly connected to the data server to 
achieve the requisite transmission (i.e., a program by itself cannot transmit anything). Thus, this 
claim is not directed to a mere program or mathematical algorithm. Again, as mentioned above, 
"USPTO personnel should determine whether the computer program is being claimed as part of 
an otherwise statutory manufacture or machine . In such a case, the claim remains statutory 
irrespective of the fact that a computer program is included in the claim " (Emphasis added; see 
MPEP § 2106.1). Because the apparatus itself is statutory in claim 28, the Applicant respectfully 
submits that its dependent claims 29-3 1 are also statutory. 

The Applicant respectfully requests that the Office withdraw this rejection. 
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Rejection under 35 U.S.C. § 103(a) 

Claims 24-45 were rejected under 35 U.S.C. § 103 (a) as allegedly being unpatentable 
over U.S. Patent No. 6,477,645 ("Drews") in view of U.S. Patent Publication No. 2002/0023059 
("Ban") and further in view of U.S. Patent No. 7,010,690 ("Hanna"). The Applicant respectfully 
traverses this art grounds of rejection. 

Drews is directed to an authority and integrity check in systems that lack a public key. In 

particular, Drews is directed to authenticating (i) a remote device and (ii) a user of the remote 

device. Referring to FIG. 2, Drews teaches a method 200 that "includes identify platform 210, 

identify user 220, transmit 230, compute 240, supply 250, query 260, compare 270, display 280, 

and query user 290." (See FIG. 2 and Col. 6, lines 18-20). Drews further states: 

In identify platform 210 and identify user 220, an authorizing entity identifies a 
user platform for receiving information and a user responsible for the platform . 
For example, an IT organization identifies a newly installed workstation as 
requiring installation of a boot image and identifies an engineer as responsible 
for the installation of software on the workstation, in transmit 230 and compute 
240, information and a credential are transmitted to the user platform identified 
in identify platform 2 1 0, and a transformation value of the credential is 
computed on the user platform . For example, a boot image and credential are 
transmitted from a remote platform to a workstation, and a hash value of the 
credential is computed on the workstation. (See FIG.2 and Col. 6, lines 20-33 of 
Drews, Emphasis added) 



As will be appreciated in view of the reproduced excerpt of Drews, Drews teaches 
identifying the device or platform requesting authentication (210), and also identifying a user of 
the requesting device (220). Based on the identifications of 210 and 220, a transformation value 
is calculated in 240, and supplied to the user of the requesting platform in 250. The supplied 
transformation value from 250 is later used to authenticate the user (260,270). 

Drews is directed to platform/user based authentication, not application authentication 
With respect to claim 24, the Office Action reads, "receiving an application identifier in a 
request for a server credential" upon Drews at Column 3, lines 15-19 and lines 57-65. With 
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respect to the "application identifier," the Applicant respectfully directs the Office to Column 3, 

lines 15-19, which reads as follows: 

Transformation value generator 1 15 is provided to convert a variable length 
amount of digital data into a more concise form . In one embodiment of the 
invention, generator 1 15 is a hash function. A hash function accepts any length 
input and generates a fixed length output. Hash functions are known in the art and 
those skilled in the art will recognize that a hash function suitable for use in 
embodiments of the present invention is one that is relatively easy to compute, one- 
way, and collision-free. (See Col. 3, line 15-19 of Drews, Emphasis added) 

The above-cited portion of Drews is emphasized because the Office Action states "a 

variable length amount of digital data (application identifier)" (Page 3 of the 6/2/2008 Office 

Action), indicating that the "application identifier" as claimed is read upon the digital data used 

by Drews to compute the transformation value, which corresponds to a hash function applied to 

the digital data. The digital data referred to in this section is information 155, which is 

transmitted along with credential 160 from the remote platform to the user platform (e.g., see 

Column 2, lines 9-33 of Drews, e.g., see also Column 4, line 25-27). With regard to the 

information 155, Drews indicates that the information 155 that is used to compute the 

transformation value can be a boot image (See Col. 2, line 37-41 of Drews). A boot image does 

not identify a particular application. Rather, boot images are used to enable hardware to load an 

operating system. Claim 24 is directed to a method "to authenticate an application running on a 

device." Thus, to authenticate the particular application in question, an application identifier is 

sent along with the authentication request. Clearly, in Drews, the remote platform is not trying 

to authenticate the boot image, but is using the boot image to identify the platform. . 

Additionally, Drews is completely silent regarding application authentication. Rather, 

Drews is directed to authenticating a remote platform and a user of the remote platform. Drews 

does not engage in application-specific authentication. For example, the transformation value 
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used to authenticate the remote platform is generated based on identifications of the platform 
(210) and user (220), not an application running on the platform. 

Likewise, Bari does not disclose or suggest authenticating an application. Rather, Bari 
refers to "the user's Authentication Credentials" (See [0034], Bari). Thus, Bari is directed to 
user authentication, not application authentication. Also, Hanna is directed to "[a] method and 
apparatus for authenticating and authorizing a user of a device ..." (Hanna, Abstract). 
Accordingly, Hanna is also directed to user authentication, and not application authentication. 

Accordingly, Drews in view of Bari and further in view of Hanna cannot disclose or 
suggest "receiving an application identifier in a request for a server credential", "generating the 
server credential using the application identifier and a master credential" and "transmitting the 
server credential to the data server, wherein if the server credential and the application 
credential match, the application is authenticated ' as recited in independent claim 24 and 
similarly recited in independent claims 28, 32, 36 and 40 (Emphasis added). 

In view of the above remarks, claims 25-27, 29-31, 33-35, 37-39, and 41-45, dependent 
upon independent claims 24, 28, 32, 36 and 40, respectively, are likewise allowable over Drews 
in view of Bari in further view of Hanna at least for the reasons given above with respect to 
claims 24, 28, 32, 36, and 40, respectively. Thus, the Applicant respectfully requests that the 
Examiner withdraw this art grounds of rejection. 

New Claim 

The Applicant has added claim 46, which depends from independent claim 1, and recites, 
"wherein the application requesting the server credential is one of a plurality of applications 
running at the device, and the application identifier identifies only the application requesting the 
server credential." Support for this feature may be found within [0034], [0045], etc. As 
discussed previously, Drews, Bari and Hanna are each silent regarding any type of application 
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authentication, and are rather limited to authenticating users or devices. Claim 46 emphasizes 
that the application authentication is selective and applies to the application identified by the 
application identifier. This serves to further distinguish the claims from Drews, Bari and Hanna, 
which authenticate users or platforms only, such that all applications run by the user or platform 
would be authenticated if a credential were to be granted. For at least this additional reason, the 
Applicant respectfully requests an indication of allowance for claim 46. 

Reconsideration and issuance of the present application is respectfully requested. 
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CONCLUSION 

In light of the amendments contained herein, the Applicant respectfully submits that the 
application is in condition for allowance, for which early action is requested. Should the 
Examiner believe a telephone interview would be helpful to expedite favorable prosecution, then 
the Examiner is invited to contact applicants' undersigned representative at the telephone 
number below. 

Please charge any fees or overpayments that may be due with this response to Deposit 
Account No. 17-0026. 



Respectfully submitted, 



Dated August 30, 2008 By: /Fariba Yadegar-Bandari/ 



Fariba Yadegar-Bandari 
Reg. No. 53,805 
(858) 651-0397 

QUALCOMM Incorporated 

Attn: Patent Department 

5775 Morehouse Drive 

San Diego, California 92121-1714 

Telephone: (858) 658-5787 

Facsimile: (858) 658-2502 
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